Date: 31 Jan 2001 14:14:10 -0800 From: "Edward W. M." <edward_wm@hotmail.com> To: wes@softweyr.com Cc: freebsd-security@FreeBSD.ORG, kris@obsecurity.org Subject: Re: POP3 / IMAP security Message-ID: <LC4-LFD90mRBaYFkuut00000030@hotmail.com>
next in thread | raw e-mail | index | archive | help
Date: Wed, 31 Jan 2001 14:14:10 -0800 Mime-Version: 1.0 Content-Type: text/plain; format=flowed On Tue, 30 Jan 2001 11:32:12 -0700, Wes Peters wrote: >Courier. It's GPL, but it seems reliable. I'm learning quite a bit >more about it right now, working on an authentication module to work >with our user database (stored in PostgreSQL). Courier works well >with either BSD-style mailboxes or Maildirs. We use it in >conjunction with Qmail, though I am experimenting with Cyrus and >Postfix as well. It looks good, but let me quote the first part of ports/mail/courier-imap/pkg-descr: Courier-IMAP is a server that provides IMAP access to Maildir mailboxes. This IMAP server does NOT handle traditional mailbox files (/var/spool/mail, and derivatives), it was written for the specific purpose of providing IMAP access to Maildirs. So it does not support the mailbox format (which I need), you must have misread something, thanks for trying to help though. As I have not received many responses I was forced to do some research myself. I would like to thank all of you who responded, most of you recommended ports/mail/cucipop, which seems to be a fast, fully RFC 1939 compliant POP3 server. It works well as long as you are not accessing the mailbox from your mail reader and via pop simultaneously, which some of my users are bound to do. So far the best choices for POP3 seem to be: - ports/mail/popa3d, a server written by Solar Designer, which means that security was a top priority in designing this piece of software. Only the mailbox format is supported, sounds like a very good choice. - ports/mail/solidpop3d, claims to have a very similar design to popa3d's, but with flexibility as its main goal. It supports both mailbox and maildir formats and has all sorts of very nice features that you should read about in its pkg-descr. One of the features I find very useful is user mapping, which, as far as I understand, can also be used to deny certain users access to their mail via pop. All you have to do is set configuration options DoMapping and RequiredMapping to true and all users who are NOT listed in the file specified under UserMapFile will not be allowed access to their mail. So it has the exact opposite function as ftpusers for ftp. Does anyone know of a pop server with this sort of functionality that can be used directly (i.e. through a pop3users file)? I have not had the time to find the next best thing to Cyrus as far as imap servers are concerned, but when I do, I will post my findings here - if anyone's interested, that is. Kris (I know you were wondering why I sent you a CC :-)), since I mentioned ftp, could you tell us what kind of server you are running at ftp.freebsd.org? I get: 220 sourcerer.freesoftware.com FTP server (Version DG-4.0.62974200128) ready. What is this and where can I grab a copy? I'm currently using proftpd and am quite happy with it, but I would be very interested in taking a look at what makes one of the world's busiest ftp sites tick. Thanks, Edward W. M. _________________________________________________________________ Get your FREE download of MSN Explorer at http://explorer.msn.com To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-security" in the body of the message
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?LC4-LFD90mRBaYFkuut00000030>